The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
Software | From | Fixed in |
---|---|---|
gitlab / gitlab | 5.0.0 | 5.4.2 |
gitlab / gitlab | 6.0.0 | 6.2.1 |
gitlab / gitlab | 6.0.0 | 6.2.4 |
gitlab / gitlab-shell | - | 1.7.8 |